CVE-2025-67475

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant CHP supplying heat to almost half a million customers in...

Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)

Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Wordfence Bug Bounty Program Monthly Report – December 2025

Last month in December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...

CVE-2021-47735

creationtimestamp| type| source ---|---|--- 2025-12-23 20:45:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3maomk2i3or2g 2025-12-23 21:41:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3maopo6bzwv2x...

CVE-2025-10738

creationtimestamp| type| source ---|---|--- 2025-12-13 07:03:22+00:00| seen| https://infosec.exchange/users/offseq/statuses/115710977696604993 2025-12-13 07:03:23+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m7tzwnt5rw2g 2025-12-13 11:25:30+00:00| seen|...

CVE-2025-62569

creationtimestamp| type| source ---|---|--- 2025-12-09 17:29:16+00:00| seen| https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review 2025-12-09 17:39:18+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0383...

Multi-Vendor BIOS Security Vulnerabilities (December, 2025) - Lenovo Support US

No description provided...

CVE-2025-27020

creationtimestamp| type| source ---|---|--- 2025-12-08 10:04:34+00:00| seen| https://infosec.exchange/users/offseq/statuses/115683378604748339 2025-12-08 10:04:35+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m7hrq2ex252l 2025-12-08 11:14:44+00:00| seen|...

CVE-2025-40310

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: resolve a race in amdgpuamdkfddevicefinisw There is race in amdgpuamdkfddevicefinisw and interrupt. if amdgpuamdkfddevicefinisw run in b/w kfdcleanupnodes and kfreekfd, and KGD interrupt generated. kernel panic log:...

CVE-2023-53755

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: check for null desc before calling ptcmdcallback Resolves a panic that can occur on AMD systems, typically during host shutdown, after the PTDMA driver had been exercised. The issue was the ptissuepending functi...

CVE-2025-40272

In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with memfdsecret2, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

VulnCheck KEV: CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

CVE-2025-40252

In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend The loops in 'qedetpacont' and 'qedetpaend', iterate over 'cqe-lenlist' using only a zero-length terminator as the stopping condition. If the...

CVE-2025-40248

In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...

CVE-2025-39772

creationtimestamp| type| source ---|---|--- 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8 2026-05-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

Google patches 107 Android flaws, including two being actively exploited

Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month...

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those...

PT-2025-48598

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...